FRAMEWORK .legal | NIS2 Framework
NIS2 FRAMEWORK Navigate NIS2 compliance with confidence
The NIS2 Directive sets comprehensive requirements for risk management, incident handling and cybersecurity in critical sectors. We have mapped all requirements from Articles 20-21, 23, 27, 29 and 30 into clear, action-oriented frameworks with automated compliance tracking and integration with your existing security standards.
- Complete NIS2 framework covering all minimum risk management requirements
- Select only requirements that apply to your organisation – save time and resources
- Real-time compliance tracking shows exactly where you stand with NIS2
- Reuses existing ISO 27001 and GDPR tasks – avoid duplicate work
NIS2 Framework - Including Specialised Energy Sector Solution:
Our NIS2 Framework covers all directive requirements, with a dedicated, extended framework for the energy sector that goes beyond the general minimum requirements.
-
For all sectors: NIS2 Directive For all essential and important entities. Covers minimum requirements in Articles 20-21 and 23 regarding risk management, incident handling, supply chain security, business continuity and registration (Articles 27, 29, 30).
-
Specifically for the energy sector: NIS2 Energy For organisations in the Danish energy sector covered by Executive Order No. 260 of 6 March 2025. Extended framework with 21 thematic chapters and level-based implementation (levels 1-5) for organisational preparedness, physical security and cybersecurity.
NIS2 FRAMEWORK Tailor your NIS2 compliance strategy
Our NIS2 Framework maps all relevant requirements, but not every rule applies to every organisation. Customise your compliance approach efficiently:
How to design your framework:
-
Identify whether you are an essential or important entity
-
Find relevant chapters that affect your business
-
Focus on applicable articles to prioritise compliance efforts
-
Assess risk and impact for strategic implementation
Who Is Covered By NIS2?
You are covered by NIS2 if you are an essential or important entity in critical sectors (energy, transport, health, financial sector, digital infrastructure, etc.), provide digital services such as cloud computing, or operate critical infrastructure in Denmark.
Specifically for the energy sector: If your organisation is covered by Executive Order No. 260 on resilience and preparedness in the energy sector, you must meet both the NIS2 Directive's minimum requirements and the sector-specific controls defined in the order.
NIS2 FRAMEWORK Leverage synergies with existing compliance frameworks
The NIS2 Framework integrates seamlessly with your existing compliance programmes. Avoid duplication and maximise the value of your current investments:
Framework Synergies:
-
The same security controls can meet multiple requirements simultaneously
-
Documentation and processes can be reused across frameworks
-
Investment in one area strengthens compliance on multiple fronts
-
Less duplication of work and resources
Examples of overlapping frameworks:
-
ISO 27001 Many companies start with ISO 27001 as the foundation for NIS2 compliance. Information security management and risk management directly support NIS2's requirements for technical and organisational security measures.
-
GDPR Personal data protection and processing security overlap with NIS2's requirements for data protection and breach handling, particularly when handling personal data in security incidents.
-
CIS18 Practical cybersecurity controls from CIS Controls implement many of the technical measures NIS2 requires, from asset and access management to incident response.
-
CER Directive For the energy sector, critical infrastructure requirements from the CER Directive supplement NIS2's cybersecurity focus with physical security measures and emergency planning.
-
Lægeforeningen Michael Berner (Lawyer).legal has been the right choice for us. .legal are professional and welcoming with skilled employees.
-
Min By Media Tinna Schultz (HR manager)It just works! It is so easy and user-friendly, and the overview of processing activities is brilliant.
-
Bech-Bruun Mikkel Friis Rossa (Partner).legal's team has consistently demonstrated a commitment to innovation while being responsive to the needs of our mutual clients.
-
DMJX Kaspar Rochholz (GDPR coordinator).legal has really understood what it means to create a user-friendly and efficient solution. Privacy is an attractive product compared to price and functionality.
-
Axel Kaufmann ApS Julie Lundkvist Andreasen (Lawyer and Head of Customer Service).legal continuously update the platform to ensure their customers always remain compliant. In our view, any other choice would be a downgrade.
-
Molecule Consultancy Nanna Rodian Christensen (HR & Operational Manager)Firstly, it means that not all the work is in one place (me), and secondly, that the understanding of GDPR is implemented throughout the organisation.
-
Fenerum Rasmus Boutrup (Financial Controller)With .legal, we've gained a simpler and more manageable solution that better suits our needs
-
Novicell Julie Oxenvad (Legal Consultant)We are satisfied with the switch to .legal – it has strengthened our compliance work, made processes easier to manage and more transparent, and improved cross-team collaboration
.jpeg)
.jpg)
.jpg)
.jpg)
-1.png)
.jpeg)
.jpg)
